The cybercriminals behind the recent ransomware incident that impacted over 20 local governments in Texas are apparently demanding $2.5 million in exchange for access to encrypted data.
The incident took place on August 16, when 23 towns in Texas revealed they were targeted in a coordinated attack to infect their systems with ransomware. The State Operations Center (SOC) was activated soon after and all of the impacted entities were quickly identified.
Although it initially said that 23 local governments appeared affected, the Texas Department of Information Resources (DIR) has since revealed that only 22 towns suffered following the attack. Responders have engaged with all of them to assess the impact of the attack.
“More than twenty-five percent of the impacted entities have transitioned from response and assessment to remediation and recovery, with a number of entities back to operations as usual,” the DIR revealed in an update.
While the investigation into the attack continues, DIR says that evidence continues to suggest that a single threat actor was behind it. However, it did not provide additional details on the incident.
City of Borger was one of the victims, with its business and financial operations and services impacted by ransomware, although basic and emergency services continued to be operational.
“Currently, Vital Statistics (birth and death certificates) remains offline, and the City is unable to take utility or other payments. Until such time as normal operations resume, no late fees will be assessed, and no services will be shut off,” the city said earlier this week (PDF).
City of Keene was also affected, being unable to process utility payments.
In both cases, no customer credit card or other personal information appears to have been impacted by the incident.
While authorities have yet to reveal any details on the attackers’ demands, Keene Mayor Gary Heinrich revealed that the hackers were apparently asking for a collective ransom of $2.5 million to unlock the encrypted files, NPR reports.